Wednesday, January 21, 2015

Underscoring the rising focus on cybersecurity at large financial institutions, Bank of America’s CEO said Wednesday the bank’s cybersecurity operation can spend as much as it needs to protect the lender and its customers.

“I go to bed every night feeling comfortable that that group has all the money (it needs),” Brian Moynihan said in a Bloomberg Television interview from Davos, Switzerland, where he has been attending the World Economic Forum this week. “They never have to ask.”

“The only place in the company that doesn’t have a budget constraint is that area,” he said. “Why would I take my judgment and say, ‘You could do this cheaper?’”

(For those interested in watching the video above, Moynihan's comments about what the bank is spending on cybersecurity come roughly five minutes in.)

Moynihan said the Charlotte bank, the second-largest in the U.S. by assets, spends more than $400 million a year on cybersecurity. “And it's going north of that.”

His comments come at a time of growing concern among major U.S. companies about cyberattacks. In November, Sony Pictures became the victim of a destructive online attack. Before that incident, recent data breaches affecting Target, Home Depot and other large retailers made national headlines.

Banks large and small say their cybersecurity costs are rising. Wells Fargo CEO John Stumpf, speaking last week to analysts on an earnings conference call, said the San Francisco-based lender is “spending more on cyber today.”

One ongoing area of concern for banks are so-called “distributed denial of service” attacks. In such attacks, criminals overwhelm a bank’s computer or telecommunications networks with large amounts of data requests, which can slow or block customer access to online accounts.

In its latest annual report, Bank of America says its websites have been subject to “a series” of denial of service incidents. Those incidents have not resulted in unauthorized access to Bank of America or customer information, according to the report. But the report says the bank believes such incidents may continue.

The bank’s cybersecurity group is “judicious” in how it spends money on cybersecurity, Moynihan said.

“But the reality is you’ve got to be willing to do what it takes at this point.”